Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified...
8.1CVSS
7.6AI Score
0.001EPSS
Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and...
7.5CVSS
7.4AI Score
0.001EPSS
9.8CVSS
6.7AI Score
0.017EPSS